{{ ansible_managed | comment }}

[Unit]
Description=alertmanager
After=network-online.target

[Service]
Type=simple
Environment="GOMAXPROCS={{ ansible_processor_vcpus|default(ansible_processor_count) }}"
User=prometheus
Group=prometheus
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/local/bin/alertmanager \
  --config.file=/etc/prometheus/alertmanager.yml \
  --storage.path=/var/lib/alertmanager/ \
  --data.retention=120h \
  --web.route-prefix=/ \
  --web.external-url=http://{{ ansible_host }}:9093 \
  --web.listen-address=0.0.0.0:9093
CapabilityBoundingSet=CAP_SET_UID
LimitNOFILE=65000
LockPersonality=true
NoNewPrivileges=true
MemoryDenyWriteExecute=true
PrivateDevices=true
PrivateTmp=true
ProtectHome=true
RemoveIPC=true
RestrictSUIDSGID=true

ProtectSystem=full

SyslogIdentifier=prometheus
Restart=always

[Install]
WantedBy=multi-user.target
